3 matches found
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...
CVE-2022-29188
CVE-2022-29188 FFECT: Smokescreen’s HTTP proxy could bypass its deny-list when a hostname is wrapped in square brackets (e.g., [example.com]). The issue is limited to the HTTP proxy functionality; HTTPS traffic is unaffected. Concrete details across connected sources confirm the vulnerability exi...